Corporate Computer Security (4th ED) CH. 8-10


IP Telephone

A PC with VoIP software

Magnetic Tape

A backup media that stores large amounts of data at the lowest cost per bit of all backup media

Shadowing

A backup copy of each file being worked on is written every few minutes to the hard drive or to another location

Apache

A freeware web-server program

Voice over IP (VoIP)

A phone call over the IP internet

JavaScript

A scripting language

VBScript

A scripting language

Registrar Server

A server that verifies the user's credentials

Danvers Doctrine

Add strong security to all of its supervisory protocols

Presence Servers

Allow the two parties to locate each other

Simple Network Management Protocol

Allows a company to control many remote managed devices from a central manager

Buffer Overflow

An attack that sends a message with more bytes than the programmer had allocated for a buffer

Caller Impersonation

An attacker impersonating someone while calling someone else

Login Screen Bypass

An attacker types a URL to a page beyond the login screen when the login screen appears

Data Extrusion Management

Attempts to prevent restricted data files from leaving the firm without permission

Overfiltered

Blocking E-Mails that should not have been blocked

Toll Fraud

Breaking into a corporate VoIP system in order to place free long-distance and international telephone calls

Hardware Security Module

Create and store cryptographic keys

RAID 5

Distributed Parity (Striping with parity)

Discovery Process

Dredge up messages in which an employee has said something embarrassing or even obviously illegal

Local Backup

Each computer is backed up individually

Continuous Data Protection (CDP)

Each site backs up the other site

Scripting Languages

Easier to learn than programming languages

Parity Bits

Enable reconstruction of data stored on other disks

Backup

Ensuring that copies of data files are stored safely and securely and will survive even if the data on the host are lost or damaged.

SQL Injection

Entering a string that includes both the user's name and another SQL query

Data Model

Entity names, attributes, and the structure of relationships between entities

What are the two main signaling standards in VoIP?

H.323 for older systems and Session Initiation Protocol (SIP)

Codec

Hardware or software that converts a person's voice into a stream of digital bytes

Circle of Trust

If you trust Pat, and Pat trusts Leo, then you also trust Leo

Watermark

Invisible information stored in files

Malicious Links

Links that point to malicious software or malicious websites

Eavesdropping

Listening to a phone call without permission

Traffic Analysis

Measures the amount of traffic or a particular type from one party to another

Active-X

Microsoft created language for active webpage content

Internet Information Server (IIS)

Microsoft's web-server software

RAID 1

Mirroring

Data masking

Obscures data such that it cannot identify a specific person but remains practically useful.

Cross-Site Scripting (XSS)

One user's input can appear on the page of another user

File/Directory Data Backup

Only backs up data on the computer, not programs

File/Directory Encryption

Only encrypts the specific files and directories you tell it to encrypt

Incremental Backup

Only save the data changed since the most recent backup

Buffers

Places where data is stored temporarily.

Return Address

Points to the location in RAM that holds the address of the next command to be executed in the suspended program

Image Spam

Presents spam as a graphical image

PGP

Pretty Good Privacy

Personally Identifiable Information

Private employee or customer information

Spreadsheet Vault Servers

Provides strong access control, including authentication of suitable strength, authorizations, and auditing

Full Backup

Record all the data on the computer, and can take a long time

RAID

Redundant Array of Independent Disks

Hexadecimal Directory Traversal Attack

Sending HTTP directory traversal messages with two hexadecimal codes for dots

Data Loss Prevention

Set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons.

Java Applets

Small Java programs

Cookie

Small text string that the website owner can place on a client computer

Development Servers

Specialized servers to grant developers special permissions

Testing Server

Specialized servers used to test the server-side applications

Federal Rules of Civil Procedure

Specify processes that apply to lawyers and judges in civil cases

Tables/Relations

Stores information about an entity

Archiving

Storing backup data for extended periods

RAID 0

Striping

Website Defacement

Taking over a computer and putting up a hacker-produced page instead of the normal home page

E-Commerce Service

The additional software needed for buying and selling, including online catalogs, shopping carts, checkout functions, connections to back-end databases within the firm, and links to outside organizations, such as banks

Acceptable Data Loss

The amount of data that is appropriate to lose in the event of a disaster

Centralized backup

The backup is done over the network from a central backup console

Transport

The carriage of voice between the two parties

Mesh Backup

The client PCs in an organization back up each other

Initial Discovery Meetings

The defendant must be able to specify what information is available for the legal discovery process

404 Errors

The directory or file is not found

Image Backup

The entire contents of the hard drive are copied to backup media

backup console

The location of the centralized backup

Information

The meaning extracted from data

Recovery Point Objective (RPO)

The point in time before the disaster to which all prior data must be recoverable

Production Server

The production server provides the services to the users

Data

The raw facts

Recovery Time Objective (RTO)

The time required to recover from a disaster and restore normal operations

Nominal Deletion

This happens when you select a file and press the delete key; it is moved to the recycle bin, and the data can be recovered easily.

SIP Proxy Server

This server contacts a proxy server in the called party's network

PSTN Gateway

Translate between VoIP and PSTN

Entities

Types of objects that represent persons, places, things, or events

Directory Traversal Attack

Typing URLs with ".." in them can give access to sensitive directories, including the command prompt directory

Spam

Unsolicited commercial e-mail

Data Manipulation Language (DML) Triggers

Used to produce automatic responses if data have been altered

Data Definition Language (DDL) Triggers

Used to produce automatic responses if the structure of the database has been altered.

Ajax

Uses multiple technologies to create dynamic client-side applications.

Profiling

Using statistical methods, algorithms, and mathematics to find patterns in a data-set which uniquely identify an individual

Granularity

When a database is used for trend analysis

Disk Array

Writing data to an array of hard drives

Digital Rights Management (DRM)

attempt to limit what users can do to data, in order to reduce security threats

Document Restrictions

attempt to limit what users can do to documents, in order to reduce security threats

Database Management Systems (DBMS)

can manage database structures, and restrict access to individual databases

Attributes

characteristics (adjectives) about the entity that you want to collect

Auditing

collect information about users' interactions with databases

Signaling

communication to manage a network

Whole-Disk Encryption

encrypts an entire disk drive

WWW Root

in a request for a file to be downloaded the "root" is really a particular directory owned by the web-server.

Databases

integrated collections of data, and metadata, stored on computers

Validate

making sure they are in the expected data type

Data Loss Prevention (DLP) Systems

manage data extrusion, extrusion prevention filtering and DLP policies

Key

one, or more, attribute that uniquely identifies each row

Row (AKA Tuple/Record)

represents a specific occurrence of the entity
